git.baikalelectronics.ru Git - kernel.git/commit

author	Thomas Gleixner <tglx@linutronix.de>
	Wed, 20 Nov 2019 23:40:23 +0000 (00:40 +0100)
committer	Peter Zijlstra <peterz@infradead.org>
	Thu, 21 Nov 2019 18:37:43 +0000 (19:37 +0100)
commit	bdbd08df5bc0a529c43ac68a02b5ea2dba086e89
tree	21899c9a10a905835960fa9820b1716ae4ef8055	tree \| snapshot
parent	a41ca8f3cddba4492d42a42c3212c6d98fe054a6	commit \| diff

x86/pti/32: Size initial_page_table correctly

Commit 96e51b4c1eae ("x86/cpu_entry_area: Sync cpu_entry_area to
initial_page_table") introduced the sync for the initial page table for
32bit.

sync_initial_page_table() uses clone_pgd_range() which does the update for
the kernel page table. If PTI is enabled it also updates the user space
page table counterpart, which is assumed to be in the next page after the
target PGD.

At this point in time 32-bit did not have PTI support, so the user space
page table update was not taking place.

The support for PTI on 32-bit which was introduced later on, did not take
that into account and missed to add the user space counter part for the
initial page table.

As a consequence sync_initial_page_table() overwrites any data which is
located in the page behing initial_page_table causing random failures,
e.g. by corrupting doublefault_tss and wreckaging the doublefault handler
on 32bit.

Fix it by adding a "user" page table right after initial_page_table.

Fixes: cd07fea5cfbb ("x86/pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32")
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Joerg Roedel <jroedel@suse.de>
Cc: stable@kernel.org